Hi
Attached are 2 Email Templates one can use for the AM process.
Worked on them with Jordi Mallach in IRC today (added some Questions,
fixed spelling in another place).
We are trying to make them even better, so please take a look at them
and fix any errors you found.
Also send any additional Question you may have for T&S or P&P to me
or Jordi, so we can include them (if it is a good Question. :) ).
Ah, if something goes wrong with the attachments, they are available
here: http://people.debian.org/~joerg/nm/
Thx.
P.S.: Jordi suggested to split my nm1.txt into two files/mails to the
Applicant. One for the Assigned Mail and one for the T&S Stuff. I
personally prefer to do it in one mail. :)

I'm glad to say that I have been appointed as your Application
Manager. As such, I will go through the New Maintainer process with
you and then send a summary to the Developer Accounts Managers (DAM) and
a brief summary to the debian-newmaint Mailinglist.
At http://www.debian.org/devel/join/nm-checklist you can see the steps
we have to go through. I hope you know about the basic steps. If
not, please read the information at the New Maintainers' Corner and
feel free to ask any questions you might have. I'm here to help you
get yourself integrated in the project, and I'm glad to help you in
any way.
The first step was to sign up to become a Debian Maintainer and get an
Application Manager (AM) assigned. You have completed the first step.
Now it's time to check your identity.
Please send me a copy of your GPG public key. If your GPG key is
signed by a Debian developer, the ID check is completed. However,
if your key is not signed, then we have to figure out what to do
for the ID check.
Since many people trust Debian, we have to make sure that new volunteers
are who they claim to be. The easiest check is having your GPG key
signed by a Debian developer because this means that he has met you in
real life and confirmed your identity.
Also: please read http://www.dewinter.com/gnupg_howto/ to learn
more about the web of trust and key signing. Also:
http://www.herrons.com/kb2nsx/keysign.html
The NM process offers another option: you can send me a scanned image of
an ID card (passport, drivers licence) and the name of a person who I can
contact and ask if this is really you. The person should be respectable,
ie. university staff, employer -- it would be best that his name and his
position can be found on a web site (e.g professors are listed on their
university's web site).
Having a signed key is the preferred option. If you tell me where you
live (and some big places close to you), I can check if there are any
Developers close to you. Only if we don't find any, you can send me a
signed ID (please make sure the file size stays below 50K or so; JPG or
PNG format).
For this, issue:
gpg -s -a -b firstname_secondname.png
and send me firstname_secondname.png and .png.asc.
Please tell me your preferred account name for the Debian machines
and the email address to which mail should be forwarded. Please make
sure that the account name is still free -- visit http://db.debian.org
to find out if this is the case.
Finally, please tell me about yourself and what you intend to do for
Debian (and how this fits in with The Social Contract). Also, how
you came to Linux and free software, and why you want to volunteer
your time.
If you have packaged an application for Debian already, please give
me an URL where I can get the sources (the .diff and .orig) and the
package itself (the .deb). Or send them to me (look at the bottom of
this mail first for that, please.)
Next I have some Questions for you. They apply mainly to the T&S Part,
but they are not enough for it, you have to provide me a package (or
good documentation / website stuff if you intent to do that for Debian).
- How do you check that your Build-Depends Line contains all things
needed to built your package?
- Please explain me what a virtual package is. Where can you find a
list of defined virtual packages?
- What does it mean for a package to have line like
"Architecture: i386 alpha powerpc" in the control file?
Do you have to provide binary packages for all these
architectures if you upload your package?
What is the difference between "Architecture: all" and
"Architecture: any"?
- How do you manage new upstream releases?
- There is a bug in your package, fixed in Upstream CVS/development
branch. What do you do with it?
- What do you do if Upstream releases a tarball once every year and
then distributes minor revisions only in the form of patches? How do
you manage your package then?
I look forward to hearing from you and hope we will be able to go
through the steps without any problems. The next step is "Philosophy
and Procedures" -- I will ask you a few questions by e-mail which
you have to answer.
Finally, thanks for volunteering! Debian is a volunteer effort and
you can make a difference!
P.S. Please sign every Mail you send to me with your GPG Key or I cant
accept them!

We have to check that you understand the Social Contract and the Debian
Free Software Guidelines (DFSG). Have you read them? If not, please
do so. You can find them in /usr/share/doc/debian or on
http://www.debian.org
First, please explain the key points of the Social Contract and the
DFSG _in your own words_. Also, describe what you personally think
about these documents.
Secondly, a few questions, based on them:
- What is Debian's (current) approach to non-free software? Why? Is
non-free part of the Debian System?
- Debian was offered a Debian-specific license to package a certain
piece of software (I forget which). Would we put it in main?
- Donald Knuth, author of TeX, insists that no-one has the right to
modify the source code of TeX, and that any changes must be made using
"change files" (a sort of patch file). Is this allowed for a program
for the main section of Debian?
- Do you know (and can you explain) the difference between free speech
and free beer? Is Debian mainly about free speech or free beer?
- The e-mail client pine is in non-free. Can you tell me the
difference between main, contrib and non-free? Do you know what's
wrong with Pine's current license in regard to the DFSG? (If you
don't know this, never mind).
- At http://people.debian.org/~wolfie/mpg123_copyright you can
find the license of mpg123. Can you tell me why this program
is non-free according to the DFSG?
Do you agree to uphold the Social Contract and the DFSG?
If you are accepted as a Debian developer, you will get accounts
on the Debian machines. Have you read the Debian Machine Usage
Policies (DMUP) at http://www.debian.org/devel/dmup ? Do you
accept them?
I'm sure you have read the Debian Developers' Reference at
http://www.debian.org/doc/packaging-manuals/developers-reference/
- What are Non-Maintainer Uploads (NMUs) and when would you do an NMU?
- Tell me 3 different methods to close a bug in the BTS.
- What would you do if a bug was reported against your package and
you are not able to fix it yourself?
- You've just heard about this great program and would like to package
it, what would you do?
- Do you know what 'lintian' is? Why is it useful?
- What does version 3.4-2.1 mean? What Debian control file would you
put this in?
- You have a package in contrib, why would it have to go there? What could
you do (in theory at least) to get it into main?
- If you had a file in your package which usually gets changed by a
administrator for local settings, how do you make sure your next version
of the package doesn't overwrite it?
- How do you check if your package has been compiled successfully on
different architectures?
- There are many Debian suites, like "stable", "unstable", "testing",
"woody" and "sid". Can you explain why there are so many and what
the differences are? How does a package get from one to the other?
- How can you ensure your package's description is in a good state and
in a valid format?
- What should you do if a security bug pops up in one of your packages?
- Imagine you maintain a package which depends very closely to some
other package. How would you keep track of the development of other
packages, even if you are not the maintainer?
- What should you do before signing another developer's gpg key?
- What would you do if you wanted to retire from the project?
A word on mailing lists: there are quite a lot of Debian mailing lists
now and packaging-related packages, and I'd just like to check with
you whether you know about the key ones. I think all of the packages
are listed as dependencies of task-debian-devel, but you may not be
aware of what you have got.
Packages:
dpkg-dev All of the primary tools needed to put a Debian package
together: dpkg-buildpackage, dpkg-source, etc.
debhelper A very useful set of scripts designed to make
debian/rules files more readable and uniform.
debian-policy
Describes the policy relating to packages and details of
the packaging mechanism. Covers everything from
required gcc options to the way the maintainer scripts
(postinst etc.) work, package sections and priorities,
etc. An absolute must-read. Also useful is the file
/usr/share/doc/debian-policy/upgrading-checklist.txt,
which lists changes between versions of policy.
doc-debian Lots of useful Debian-specific documentation: the
constitution and DFSG, explanation of the Bug Tracking
System (BTS), etc.
maint-guide
The New Maintainer's Guide to making Debian packages.
devscripts Lots of useful (and not-so-useful) scripts to help build
packages.
developers-reference
Lots of information on procedures and suchlike.
dupload or dput
Automatically upload packages to the archive once they
are built.
fakeroot Build packages without having to be root.
reportbug Tool to report bugs.
pbuilder Tool to check the build-depends of your package in a sane
environment.
It's not half as bad as it seems at first, but the long-term
advantages to the maintainer and user of having such detailed
descriptions of package building should be clear ;-)
And as for mailing lists, you do not really need to read lots, but the
most significant ones are probably:
debian-announce: Major public announcements
debian-devel-announce: Major announcements to the developer community
These two lists are must-subscribes. Everything else is optional. I
abbreviate 'debian-' to '-' from now on!
-security-announce:
security updates to stable
-private: you'll be subscribed automatically when your new-maintainer
application is accepted; sensitive discussions, flamewars
etc. You can unsubscribe if you wish.
-devel: general mailing list for developer issues
-policy: where possible changes to debian-policy are discussed
There are many others; check the mailing list page on the web site
for details.
Finally, http://www.debian.org/devel/ offers very good resources for
Debian developers. The WNPP page at http://www.debian.org/devel/wnpp/
is important if you want to announce that you are working on a new
package or if you want to adopt one. http://bugs.debian.org/ has a good
description on the Bug Tracking System. http://people.debian.org/~igenibel/
is also an interesting place to keep track of your packages.